Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Dave Hansen <dave.hansen@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>
Subject: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
From: "Yu, Yu-cheng" <yu-cheng.yu@xxxxxxxxx>
Date: Wed, 9 Sep 2020 16:07:07 -0700
Cc: Dave Martin <Dave.Martin@xxxxxxx>, "H.J. Lu" <hjl.tools@xxxxxxxxx>, Florian Weimer <fweimer@xxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, "open list:DOCUMENTATION" <linux-doc@xxxxxxxxxxxxxxx>, Linux-MM <linux-mm@xxxxxxxxx>, linux-arch <linux-arch@xxxxxxxxxxxxxxx>, Linux API <linux-api@xxxxxxxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Balbir Singh <bsingharora@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Cyrill Gorcunov <gorcunov@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Eugene Syromiatnikov <esyr@xxxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Mike Kravetz <mike.kravetz@xxxxxxxxxx>, Nadav Amit <nadav.amit@xxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, "Ravi V. Shankar" <ravi.v.shankar@xxxxxxxxx>, Vedvyas Shanbhogue <vedvyas.shanbhogue@xxxxxxxxx>, Weijiang Yang <weijiang.yang@xxxxxxxxx>
In-reply-to: <ab1a3344-60f4-9b9d-81d4-e6538fdcafcf@intel.com>
References: <086c73d8-9b06-f074-e315-9964eb666db9@intel.com> <73c2211f-8811-2d9f-1930-1c5035e6129c@intel.com> <af258a0e-56e9-3747-f765-dfe45ce76bba@intel.com> <ef7f9e24-f952-d78c-373e-85435f742688@intel.com> <20200826164604.GW6642@arm.com> <87ft892vvf.fsf@oldenburg2.str.redhat.com> <CALCETrVeNA0Kt2rW0CRCVo1JE0CKaBxu9KrJiyqUA8LPraY=7g@mail.gmail.com> <0e9996bc-4c1b-cc99-9616-c721b546f857@intel.com> <4f2dfefc-b55e-bf73-f254-7d95f9c67e5c@intel.com> <CAMe9rOqt9kbqERC8U1+K-LiDyNYuuuz3TX++DChrRJwr5ajt6Q@mail.gmail.com> <20200901102758.GY6642@arm.com> <c91bbad8-9e45-724b-4526-fe3674310c57@intel.com> <CALCETrWJQgtO_tP1pEaDYYsFgkZ=fOxhyTRE50THcxYoHyTTwg@mail.gmail.com> <32005d57-e51a-7c7f-4e86-612c2ff067f3@intel.com> <46dffdfd-92f8-0f05-6164-945f217b0958@intel.com> <ed929729-4677-3d3b-6bfd-b379af9272b8@intel.com> <6e1e22a5-1b7f-2783-351e-c8ed2d4893b8@intel.com> <5979c58d-a6e3-d14d-df92-72cdeb97298d@intel.com> <ab1a3344-60f4-9b9d-81d4-e6538fdcafcf@intel.com>
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0

On 9/9/2020 3:59 PM, Dave Hansen wrote:

On 9/9/20 3:08 PM, Yu, Yu-cheng wrote:

After looking at this more, I found the changes are more similar to
mprotect() than madvise().  We are going to change an anonymous mapping
to a read-only mapping, and add the VM_SHSTK flag to it.  Would an
x86-specific mprotect(PROT_SHSTK) make more sense?

One alternative would be requiring a read-only mapping for
madvise(MADV_SHSTK).  But that is inconvenient for the application.


Why?  It's just:

	mmap()/malloc();
	mprotect(PROT_READ);
	madvise(MADV_SHSTK);

vs.

	mmap()/malloc();
	mprotect(PROT_SHSTK);

I'm not sure a single syscall counts as inconvenient.

I don't quite think we should use a PROT_ bit for this.  It seems like
the kind of thing that could be fragile and break existing expectations.
  I don't care _that_ strongly though.

What if a writable mapping is passed to madvise(MADV_SHSTK)? Shouldthat be rejected?

Follow-Ups:
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen

References:
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Martin
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Florian Weimer
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Andy Lutomirski
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: H.J. Lu
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Martin
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Andy Lutomirski
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen

Prev by Date: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Next by Date: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Previous by thread: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Next by thread: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel] [Kernel Newbies] [x86 Platform Driver] [Netdev] [Linux Wireless] [Netfilter] [Bugtraq] [Linux Filesystems] [Yosemite Discussion] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Device Mapper]